package com.yp.infrastructure.shiro.service;

import org.springframework.beans.factory.config.BeanPostProcessor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.List;

/**
 * 应用需要实现此方法，进行细项控制
 */
public interface ISecurityService extends BeanPostProcessor {


    /**
     * 前置处理
     * @param request ...
     * @param response ...
     */
    default void preHandle(HttpServletRequest request, HttpServletResponse response) {

    }

    /**
     * 后置处理
     * @param request ...
     * @param response ...
     */
    default void postHandle(HttpServletRequest request, HttpServletResponse response) {

    }


    default <T> T getUserCredential(String token) {
        return null;
    }

    /**
     * 由具体应用去判断，当前请求是否被通过
     * @param token .
     * @return .
     */

    default boolean isAccessAllowed(String token) {
        return true;
    }

    /**
     * 不需要经过权限控制的Url
     * @return .
     */
    default List<String> urls() {
        return new ArrayList<>();
    }
}
